W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2008

[whatwg] norefer vs refer

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 20 Feb 2008 19:02:35 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0802201901580.20115@hixie.dreamhostps.com>
On Sun, 11 Nov 2007, Jim Jewett wrote:
>
> Instead worrying about how to spell noreferer, why not meet the need 
> another way, such as a "refer" attribute which indicates a string to use 
> in place of the URL.
> 
>     <a href="www.example.com">default to using the
>        current URL</a>
> 
>     <a href="www.example.com"
>           refer="http://localcharity.org">Give the affiliate
>             credit to localcharity.org</a>
> 
>     <a href="www.example.com" refer="None">Don't
>        provide any particularly useful tracking
>        information.</a>

While well-meaning, this feature could unfortunately be used for all kinds 
of evil things, such as getting around CSRF protection, bandwidth 
leeching, and so forth.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 20 February 2008 11:02:35 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:39 UTC